vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / xxh.nix
blob3af8e53779e3423b9f47546db97d1df9a67197ce
1 import ./make-test-python.nix ({ pkgs, lib, ... }:
3   let
4     inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
5     xxh-shell-zsh = pkgs.stdenv.mkDerivation {
6       pname = "xxh-shell-zsh";
7       version = "";
8       src = pkgs.fetchFromGitHub {
9         owner = "xxh";
10         repo = "xxh-shell-zsh";
11         # gets rarely updated, we can then just replace the hash
12         rev = "91e1f84f8d6e0852c3235d4813f341230cac439f";
13         sha256 = "sha256-Y1FrIRxTd0yooK+ZzKcCd6bLSy5E2fRXYAzrIsm7rIc=";
14       };
16       postPatch = ''
17         substituteInPlace build.sh \
18           --replace "echo Install wget or curl" "cp ${zsh-portable-binary} zsh-5.8-linux-x86_64.tar.gz" \
19           --replace "command -v curl" "command -v this-should-not-trigger"
20       '';
22       installPhase = ''
23         mkdir -p $out
24         mv * $out/
25       '';
26     };
28     zsh-portable-binary = pkgs.fetchurl {
29       # kept in sync with https://github.com/xxh/xxh-shell-zsh/tree/master/build.sh#L27
30       url = "https://github.com/romkatv/zsh-bin/releases/download/v3.0.1/zsh-5.8-linux-x86_64.tar.gz";
31       sha256 = "sha256-i8flMd2Isc0uLoeYQNDnOGb/kK3oTFVqQgIx7aOAIIo=";
32     };
33   in
34   {
35     name = "xxh";
36     meta = with lib.maintainers; {
37       maintainers = [ lom ];
38     };
40     nodes = {
41       server = { ... }: {
42         services.openssh.enable = true;
43         users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
44       };
46       client = { ... }: {
47         programs.zsh.enable = true;
48         users.users.root.shell = pkgs.zsh;
49         environment.systemPackages = with pkgs; [ xxh git ];
50       };
51     };
53     testScript = ''
54       start_all()
56       client.succeed("mkdir -m 700 /root/.ssh")
58       client.succeed(
59          "cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa"
60       )
61       client.succeed("chmod 600 /root/.ssh/id_ecdsa")
63       server.wait_for_unit("sshd")
65       client.succeed("xxh server -i /root/.ssh/id_ecdsa +hc \'echo $0\' +i +s zsh +I xxh-shell-zsh+path+${xxh-shell-zsh} | grep -Fq '/root/.xxh/.xxh/shells/xxh-shell-zsh/build/zsh-bin/bin/zsh'")
66     '';
67   })